Re: [ACFUG Discuss] validating credit card numbers with CF

[Frank Moorman]

I used to use CFFORM with CFINPUT until I got burned by ColdFusion 7. When CF7 was first released we upgraded. One or two weeks before our implementation, we found out that their was a major bug (i.e. one that affected many pages in our apps) If you used both CFINPUT's validation routine and added your own custom _javascript_ validation (for business logic that CF wouldn't handle) only one would execute (I forget which one.) We had to scramble for a workaround. We did create a _javascript_ solution (Something like ) but then we needed to apply it to 200 or 300 forms throughout our applications. One or two months later Macromedia fixed the problem, but by then we already started moving to use our own _javascript_ exclusively and when you have a common js include, it really is not that difficult to avoid CFFORM/CFINPUT. Frank On 03/10/2010 02:14 PM, Charlie Arehart wrote: Yep, Shawn, but I realize this is a subject about which some are passionate (and I don’t mean Dean, who has rightfully earned his place in the security pantheon), but I mean others who may have heard bad things about CFFORM (whether they really ever affirmed any issues) and would want to warn others or claim that my suggestion was naïve and leading lambs to slaughter. :-) I’ve seen it so often over the years, that I just didn’t want to have them kick the door in to make their point but rather just open the door so they could make their point without any violence. :-)   /charlie   From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of shawn gorrell Sent: Wednesday, March 10, 2010 1:14 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] validating credit card numbers with CF   Why wouldn't someone use CFFORM for the client side convenience (not validation, because it is not validation)? If it meets your needs, it is often the fastest way. Purists like that are part of the reason why I have problems with the development community at large. Why make anything any more complex than absolutely necessary?  We're in the business of solving functional and non-functional requirements, and there are no style points awarded for being a cool-guy programmer.   From: Charlie Arehart <char...@carehart.org> To: discussion@acfug.org Sent: Wed, March 10, 2010 12:38:10 PM Subject: RE: [ACFUG Discuss] validating credit card numbers with CF And while the back-end validation is of course vital, if you want to do it on the front-end as well (in _javascript_), note that it’s a built-in feature of CFINPUT, validate=”creditcard”. Yes, yes, I know that purists would never use CFFORM, and I know that you can’t rely on client-side validation for security because it can be circumvented and won’t work if JS is disabled on the browser, yadda, yadda. That’s why I note that this would be subsidiary to server-side validation. Still, it’s a lot more user-friendly to catch it on the front-end first, if you can. All that said, I suppose some will still have more to say. Shields up. Engage. :-)   /charlie   ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------